<p>There is no fixed version for <code>darcyclarke-manifest-pkg</code>.</p>

Improper Interaction Between Multiple Correctly-Behaving Entities Affecting darcyclarke-manifest-pkg package, versions *

Snyk CVSS

Attack Complexity High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JS-DARCYCLARKEMANIFESTPKG-5742970
published 29 Jun 2023
disclosed 28 Jun 2023
credit Darcy Clarke

Report a new vulnerability Found a mistake?

Introduced: 28 Jun 2023

CWE-435 Open this link in a new tab First added by Snyk

How to fix?

There is no fixed version for darcyclarke-manifest-pkg.

Overview

darcyclarke-manifest-pkg is a research package to demonstrate the technique of manifest confusion

Affected versions of this package are vulnerable to Improper Interaction Between Multiple Correctly-Behaving Entities. This is not a vulnerability on its own.

This package is a proof of concept of Manifest Confusion, in which the contents of a publicly distributed open source package does not match the contents stated in its manifest file. More information on the discovery can be found on the Snyk Support Portal.

References

Manifest Confusion Blog Post